Security Newsletter
15 October 2018
Google+ Shutting Down After Bug Leaks Info of 500k Accounts
Google has announced that they are closing the consumer functionality of Google+ due to lack of adoption and an API bug that leaked the personal information of up to 500,000 Google+ accounts.
While no evidence was found that indicates this bug was ever misused, it was determined that the complexity of protecting and operating a social network like Google+ was not a worthwhile endeavor when so few users actually used the service for any length of time. The consumer functionality of Google+ will be closing over a 10-month period, while Google transitions the product to be used internally by the Enterprise.
After performing a code review of the Google+ APIs, called Project Strobe, Google stated they discovered a bug that could leak the private information of Google+ accounts. This bug could allow a user's installed apps to utilize the API and access non-public information belonging to that user's friends. As Google only keeps two weeks of API logs for its Google+ service, it was impossible for them to determine if the bug was ever misused.
According to a report by the Wall Street Journal, the bug in the Google+ API existed between 2015 and March 2018, which was when Google discovered and fixed the bug. According to their reporting, an internal committee at Google decided not to disclose the bug even though they were not 100% sure that it was not abused. According to the report, "disclosing the incident would likely trigger 'immediate regulatory interest' and invite comparisons to Facebook's leak of user information to data firm Cambridge Analytica."
Ironically, a recent study shows Google is the biggest beneficiary of the GDPR. Thanks to its dominant market position, the industry leader benefits from a stronger concentration in the online advertising market. Although the number of trackers is decreasing overall, a few large tracking operators such as Google receive even more user data.
Read More on BleepingComputer
Study: Google is the biggest beneficiary of the GDPR
Google: Project Strobe
This content was created by Kindred Group Security. Please share if you enjoyed!
You can access the previous newsletters at https://news.infosecgur.us